Revision as of 13:36, 28 March 2013

Can't make the date? If you come to this page before or after the test day is completed, your testing is still valuable, and you can use the information on this page to test, file any bugs you find at Bugzilla, and add your results to the results section. If this page is more than a month old when you arrive here, please check the current schedule and see if a similar but more recent Test Day is planned or has already happened.

Contents

What to test?

Today's instalment of Fedora Test Day will focus on testing the Shared System Certificates feature. The goal is to make NSS, GnuTLS, OpenSSL and Java share a default source for retrieving system certificate anchors and black list information.

The work done in Fedora 19 is an initial step of a comprehensive solution. But none the less it makes the installation of anchors and blacklists standardized across the various crypto libraries. Currently an update-ca-trust step is required, but in the future we hope to make this unnecessary.

Who's available

The following cast of characters will be available testing, workarounds, bug fixes, and general discussion ...

How to test?

You can use the test cases below, or you can explore the feature further. At a high level the following are being tested

p11-kit-trust provides a replacement for the NSS libnssckbi.so module. The libnssckbi.so used to provide built in certificate trust anchors and blacklists, and now the p11-kit-trust.so module does this. So we'll be testing that NSS applications (like Firefox) continue to work as expected.

ca-certificates extracts files ready for p11-kit-trust.so to use. We'll be testing that these files are installed correctly to be picked up.

ca-certificates provides an update-ca-trust script which uses p11-kit to extract certificate anchor information from p11-kit-trust.so for crypto libraries (gnutls, openssl, java) that cannot yet read directly from p11-kit-trust.so on the fly. We'll test this extract process, and make sure that applications using these crypto libraries continue to work as expected.

There is now a standard method for adding a certificate anchor. We'll test that this works, and is picked up by all the applications.

The test cases below explore the above actions and more. You of course are free to go out of bounds and provide additional testing and feedback. Below is some documentation you may find useful as you do:

Tips and Known Issues

Please check the tips and known issues to see if a problem is already known, and which has helpful information for triaging issues.

Test Results

If you have problems with any of the tests, report a bug to Bugzilla usually for the component ca-certificates, or p11-kit. If you are unsure about exactly how to file the report or what other information to include, just ask on IRC and we will help you.

Once you have completed the tests, add your results to the Results table below, following the example results from the first line as a template. The first column should be your name with a link to your User page in the Wiki if you have one. For each test case, use the result template to enter your result, as shown in the example result line.